Re: How our young colleagues are being educated....

2014-12-22 Thread Daniël W . Crompton
*shameless plug*

Usually not a topic for this list, and together with two co-founders we
started an online university last to address some of the issues we saw with
higher education. We currently have approval from the state of Vermont to
give college credit, credits earned through Oplerno courses are
transferable to other institutions of higher learning at the discretion of
the receiving institution.

If you think that this subject should be addressed at a college level and
are interested in teaching it you are welcome to apply as a faculty member
to teach an improved course.

Kindest regards,
Daniël



Oplerno is built upon empowering faculty and students

-- 
Daniël W. Crompton daniel.cromp...@gmail.com

http://specialbrands.net/

http://specialbrands.net/
http://specialbrands.net/

   http://twitter.com/webhat http://www.facebook.com/webhat
http://plancast.com/webhat http://www.linkedin.com/in/redhat


On 22 December 2014 at 10:13, Javier J jav...@advancedmachines.us wrote:

 Dear NANOG Members,

 It has come to my attention, that higher learning institutions in North
 America are doing our young future colleagues a disservice.

 I recently ran into a student of Southern New Hampshire University enrolled
 in the Networking/Telecom Management course and was shocked by what I
 learned.

 Not only are they skimming over new technologies such as BGP, MPLS and the
 fundamentals of TCP/IP that run the internet and the networks of the world,
 they were focusing on ATM, Frame Relay and other technologies that are on
 their way out the door and will probably be extinct by the time this
 student graduates. They are teaching classful routing and skimming over
 CIDR. Is this indicative of the state of our education system as a whole?
 How is it this student doesn't know about OSPF and has never heard of RIP?

 If your network hardware is so old you need a crossover cable, it's time to
 upgrade. In this case, it’s time to upgrade our education system.

 I didn't write this email on the sole experience of my conversation with
 one student, I wrote this email because I have noticed a pattern emerging
 over the years with other university students at other schools across the
 country. It’s just the countless times I have crossed paths with a young IT
 professional and was literally in shock listening to the things they were
 being taught. Teaching old technologies instead of teaching what is
 currently being used benefits no one. Teaching classful and skipping CIDR
 is another thing that really gets my blood boiling.

 Are colleges teaching what an RFC is? Are colleges teaching what IPv6 is?

 What about unicast and multicast? I confirmed with one student half way
 through their studies that they were not properly taught how DNS works, and
 had no clue what the term “root servers” meant.

 Am I crazy? Am I ranting? Doesn't this need to be addressed? …..and if not
 by us, then by whom? How can we fix this?



Re: Sigh. 16 years ago today.

2014-10-17 Thread Daniël W . Crompton
At the time he died I was just being introduced to the Internet, and first read
his name when reading RFC 821. I had never really heard of Jon Postel's
legacy until a remembrance on this list some years back which is when I
added a reminder to my calendar. Every year it reminds me that *if I have
seen further it is by standing on the shoulders of giants.*

D.





On 16 October 2014 20:18, Owen DeLong o...@delong.com wrote:


 On Oct 15, 2014, at 23:20 , Larry Sheldon larryshel...@cox.net wrote:

  On 10/15/2014 23:42, Rodney Joffe wrote:
  https://www.ietf.org/rfc/rfc2468.txt
 
 
  I posted this to Facebook a while ago:
 
  From NANOG
 
  Subject: Sigh. 16 years ago today.
 
  https://www.ietf.org/rfc/rfc2468.txt
 
  [Ed. note: The man being remembered was important, and in ways, still
 is. But I mention it also because it points out that whereas we bang our
 heads against soul-less monoliths, it seems, in the early days it was a
 really small, close-knit group that brought this Internet thing out of the
 labs and stood it up and made it play in remarkably productive ways.]

 In many ways, today, it is a larger and more diverse group, but the bottom
 line is that behind all those peering relationships, NANOG conferences,
 ARIN meetings, etc. are a dedicated group of engineers just trying to keep
 it all functional.

 Owen

 
  --
  The unique Characteristics of System Administrators:
 
  The fact that they are infallible; and,
 
  The fact that they learn from their mistakes.
 
 
  Quis custodiet ipsos custodes




Re: Erroneous Leap Second Introduced at 2014-06-30 23:59:59 UTC

2014-07-01 Thread Daniël W . Crompton
That's strange as I remember reading this yesterday: NO leap second will be
introduced at the end of June 2014.

http://hpiers.obspm.fr/iers/bul/bulc/bulletinc.dat

D.





On 1 July 2014 04:27, Majdi S. Abbas m...@latt.net wrote:

 On Mon, Jun 30, 2014 at 05:33:52PM -0700, Tim Heckman wrote:
  I just was alerted to one of the systems I managed having a time skew
  greater than 100ms from NTP sources. Upon further investigation it
  seemed that the time was off by almost exactly 1 second.
 
  Looking back over our NTP monitoring, it would appear that this system
  had a large time adjust at approximately 00:00 UTC:

 Okay.  Do you have any logging configured (peerstats, etc?) for
 ntpd?

  A few of our systems did alert early this morning, indicating they
  were going to be receiving a leap second today. However, I was unable
  to determine the exact cause for NTP believing a leap second should be
  added. And after some time a few of the systems were no longer
  indicating that a leap second would be introduced.

 This can happen if a server is either passing along a leap
 notification that it received, or is configured to use a leapseconds
 file that is incorrect.

  This specific system is hosted in AWS US-WEST-2C and uses the
  0.amazon.pool.ntp.org pool.

 0 is just one server in the pool (whichever you draw by
 rotation); is this the only server you have configured?

 --msa



Re: ID10T out of office responders

2014-04-11 Thread Daniël W . Crompton
My experience shows that when things go wrong there is usually an amplified
feedback loop between your mail server and the remote, so ensure that any
header you set is one that you drop too.

This is also why the mighty no-reply@ was thought up, which simply drops
all mail. It might be crude, but it's effective.

D.

--
Excuse my brevity, I'm using a mobile device
On Apr 11, 2014 9:30 AM, Larry Sheldon larryshel...@cox.net wrote:

 On 4/11/2014 2:16 AM, Tei wrote:

 So

 Suppose I configure my email to send a "Thanks, we have received your
 email, we will reply shortly in office hours." What's the Holy Headers
 so even poorly configured servers don't cause an AutoReply Storm?
 Googling, I found Precedence, X-Auto-Response-Suppress,..? For
 something like this, normally I would scan lots of opensource projects
 in  www.google.com/codesearch  (so I can learn from the projects with
 a large number of hours in production)  , but seems down at the
 moment.



 Any device or process that uses information from the infinitely forgeable
 email headers is a process or device that can be subverted.


 --
 Requiescas in pace o email   Two identifying characteristics
 of System Administrators:
 Ex turpi causa non oritur actio  Infallibility, and the ability to
 learn from their mistakes.
   (Adapted from Stephen Pinker)
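
An added example, not part of the original thread: a minimal auto-responder guard in Python that applies the advice above (drop every header you set), using the `Precedence` and `X-Auto-Response-Suppress` headers named in the question plus the RFC 3834 `Auto-Submitted` field. The function names, addresses and the in-memory sender set are assumptions made for illustration.

```python
from email.message import EmailMessage

# Headers stamped on every auto-reply we send. refusal_reason() rejects all of
# them on input, so a reply of ours that comes back can never trigger another.
OUR_MARKS = {
    "Auto-Submitted": "auto-replied",      # RFC 3834
    "Precedence": "bulk",                  # older convention, widely honoured
    "X-Auto-Response-Suppress": "All",     # honoured by Exchange
}
BULK_PRECEDENCE = {"bulk", "junk", "list", "auto_reply"}
ROLE_LOCALPARTS = {"mailer-daemon", "postmaster", "no-reply", "noreply"}


def refusal_reason(msg, envelope_sender, already_answered):
    """Return why no auto-reply may be sent, or None if one is allowed.

    Headers are forgeable, so every header test here can only suppress a
    reply, never cause one; the per-sender limit is the final brake.
    """
    if not envelope_sender:                # MAIL FROM:<> is a bounce or DSN
        return "null envelope sender"
    local = envelope_sender.rpartition("@")[0].lower()
    if local in ROLE_LOCALPARTS or local.startswith("owner-") or local.endswith("-request"):
        return "role or list address"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return "Auto-Submitted is set"
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return "bulk or list precedence"
    if any(h in msg for h in ("X-Auto-Response-Suppress", "List-Id", "List-Unsubscribe")):
        return "suppress or list header"
    if envelope_sender.lower() in already_answered:
        return "already answered this sender"
    return None


def build_autoreply(msg, envelope_sender, our_addr):
    """Build the acknowledgement, addressed to the envelope sender."""
    reply = EmailMessage()
    reply["From"] = our_addr
    reply["To"] = envelope_sender          # not From: or Reply-To:, which may be a list
    reply["Subject"] = "Auto: " + str(msg.get("Subject", "(no subject)"))
    if msg.get("Message-ID"):
        reply["In-Reply-To"] = str(msg["Message-ID"])
    for name, value in OUR_MARKS.items():
        reply[name] = value
    reply.set_content("Thanks, we have received your email and will reply in office hours.")
    return reply


def handle(msg, envelope_sender, our_addr, already_answered):
    """Return (reply, None) when a reply is sent, else (None, reason)."""
    reason = refusal_reason(msg, envelope_sender, already_answered)
    if reason:
        return None, reason
    # A production responder would expire entries after some days.
    already_answered.add(envelope_sender.lower())
    return build_autoreply(msg, envelope_sender, our_addr), None


if __name__ == "__main__":
    # Constructed sample message, not taken from the thread.
    sample = EmailMessage()
    sample["From"] = "alice@example.net"
    sample["Subject"] = "Quote request"
    sample["Message-ID"] = "<1@example.net>"
    seen = set()
    first, _ = handle(sample, "alice@example.net", "support@example.org", seen)
    print(first["Auto-Submitted"], "|", handle(first, "support@example.org", "x@example.net", set())[1])
```

Send the reply with a null envelope sender (`MAIL FROM:<>`) where the MTA allows it, so that a bounce of the auto-reply is itself dropped by the first check.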




Re: Starting a greenfield carrier backbone network that can scale to national and international service. What would you do?

2014-04-04 Thread Daniël W . Crompton
I recently saw an interesting talk about this at 30c3, this is the way some
French ISPs are solving this:

http://media.ccc.de/browse/congress/2013/30C3_-_5391_-_en_-_saal_6_-_201312291130_-_y_u_no_isp_taking_back_the_net_-_taziden.html

D.





On 4 April 2014 03:50, Brandon Ross br...@pobox.com wrote:

 Let's start with your basic assumption here.  Why would you build a
 backbone at all if your goal is to solve last mile problems?

 It seems to me that the expense and distraction of building a large
 backbone network doesn't contribute to your goals at all, given that there
 are many high quality, nationwide backbone networks in North America today
 available at reasonable cost.


 On Thu, 3 Apr 2014, char...@thefnf.org wrote:

  Hello everyone,

 It's been some time since I've been subscribed/replied/posted here (or on
 WISPA for that matter). I've been pretty busy running a non profit startup
 (protip: don't do that. It's really really terrible) :) I'm cofounder and
 CTO of the Free Networking Foundation. Our goal is to bring broadband (5
 mbps symmetric to start) bandwidth to the 2/3 of Americans who currently
 can't get it (rural, urban core, underserved, $ILEC stops on other side of
 street etc).

 Efforts so far primarily have consisted of WiFi last (square) mile
 delivery using Ubiquiti hardware and the qmp.cat firmware (also meraki
 access points that were donated, for some reason this seems to happen quite
 a bit). We've helped numerous networks get started, grow and (soon we hope)
 become self sustaining in Austin, Kansas City, Los Angeles, Detroit, New
 York and a few other places throughout the US. The networks are in various
 stages of maturity of course, but a number of them are fully operational
 and passing real traffic. Especially the one in Kansas City (it spans both
 states).

 These are (point to point, routed) access/distribution networks which
 connect into colocation providers blended networks.

 So that's the background and current state of affairs. Not really NANOG
 material.

 The next step is to secure our v6 space and AS number. Now that's not
 horribly difficult or really worthy of NANOG (though I do greatly
 appreciate folks on the list who helped me through the theory/practice of
 that process sometime ago). It appears to be fairly straightforward if you
 are not an LIR. Simply go through the paperwork (LOA, submit to ARIN, get
 out the credit card, textbook BGP config and done). And if FNF was
 operating the networks (we don't, we just help with
 organizing/consulting/software guidance/hardware spend
 optimization/logistics etc) and if there was just one POP (and associated
 administrative body), then again it wouldn't be that interesting or worth
 cluttering up NANOG.

 FNF goal is to serve as an LIR, SWIPing out /48 chunks to neighborhood
 level operators. They would then peer with whatever upstream ISPs are
 regionally close and announce out the space. This of course would be
 associated with a training program, registration in an IPAM tool etc.

 Regarding the above?

 What do the operators on this list wish they could have been trained in
 starting out? I mean obviously they should have good mastery and working
 experience of CCNA level material, along with exposure to higher level
 concepts of WAN networking. What are the tricks, the gotchas, the man that
 would have saved my company a million bucks in transit costs. Yes I realize
 these sort of things are usually closely held. I also am striving to create
 an entirely new breed of operators running BGP enabled sites with ipv6. The
 more I can do to help ease those folks integration into the internet, the
 better. In short, the often debated issue on this list of v6 endpoint
 explosion is going to be very very very real.

 What IPAM tools out there can scale to a multi hundred million node,
 distributed, eventual consistency national level? (I've been working
 closely with guifi.net, and we are attempting to relaunch that as a very
 slick Apple like experience with a libremap (couchdb based) system.)

 I'd love to hear from folks across the spectrum of experience and network
 size. From folks who have been dual homed for ~1 year at a single site, to
 tier1 operators who were there when it all started.

 So what would you like to see done in a greenfield, open source, open
 governance carrier backbone network? What would a dream TIER1 (and I use
 that in the default free zone sense of the word) look like to you?

 Also how the heck would one get this bootstrapped at a sustainable pace?
 Would one create numerous tier2 regional carriers, and they would feed into
 an over arching tier1? I'm thinking something like a 501c8

Re: Open source hardware

2014-01-04 Thread Daniël W . Crompton
On 4 January 2014 00:49, Darren Pilgrim na...@bitfreak.org wrote:

 Why would you think other platforms would be any safer?  The NSA plants
 those bugs with interdiction operations.  They could similarly install
 eavesdroppers in the USB/serial links of your KVM switches and terminal
 servers and capture your root/admin/console passwords.


In my opinion there is a clear difference between being targeted and having
a backdoor in your network equipment by default.

D.



Re: Open source hardware

2014-01-04 Thread Daniël W . Crompton
On 4 January 2014 08:34, Arnd Vehling a...@nethead.de wrote:

 On 04.01.2014 07:49, Darren Pilgrim wrote:

  Dell, HP, Cisco, etc. were named because the leaked docs mention
 hardware-specific BIOS/firmware bugging such as ILO piggybacking in a
 Proliant. I think it's foolhardy believing they wouldn't have similar
 attacks for just about everything.


 Highly unlikely they have similar attacks for everything. They for sure
 can make 'em if they see fit but they don't have backdoors to everything.


To my surprise I am seeing a theme of fatalistic acceptance in this thread, it
seems like some who have been kind enough to answer privately or publicly
are of the opinion that either everything is already backdoored by the US
designers and/or by the Chinese manufacturers. I doubt however that any of
these people would hand over their root passwords to the US or Chinese
government willingly.

A number have mentioned that if you are targeted there is little you can
do, and this is something that I agree with to a certain extent. This
doesn't mean you leave the barndoor open.

D.



Re: Open source hardware

2014-01-03 Thread Daniël W . Crompton
Good point Jimmy, there is a world of hurt involved, although it may be
slightly less painless when you realize that the alternative is: *the NSA
[who] has modified the firmware of computers and network hardware—including
systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper
Networks—to give its operators both eyes and ears inside the offices the
agency has targeted.*[1]

There's already a world of hurt involved when you can't trust your
equipment because they potentially have backdoors in them.

D.


1.
http://arstechnica.com/information-technology/2013/12/inside-the-nsas-leaked-catalog-of-surveillance-magic/









On 3 January 2014 06:01, Jimmy Hess mysi...@gmail.com wrote:

 On Thu, Jan 2, 2014 at 8:53 PM, Andrew Duey 
 andrew.d...@widerangebroadband.net wrote:

  I'm surprised nobody's mentioned vyatta.org or the new fork of VyOs.  We
  are currently using the vyatta community edition and so far it's been good
  to us.  It depends on your hardware and how small of an ISP you are but
  it might be a great open source fit for you.


 The orig. author has potentially set course for a world of hurt --  if the
 plan is to scrap robust packaged highly-validated gear having separate
 hardware forwarding planes and ASIC-driven filtering,  to stick cheap x86
 servers in the SP core and internet borders.

 Sure... anyone can install Vyatta on a x86 server,   but  assembly of all
 the pieces and full validation for a resilient platform comparable to
 carrier grade gear, for a mission critical network,  should be a bit more
 involved than that.

 Next up   how to build your own  10-Gigabit  SFPs to avoid paying for
 expensive brand-name SFPs,  by putting together some chips,  wires,  fiber,
 and tying it all together with a piece of duck tape

 just saying... :)


  --Andrew Duey
 
 --
 -JH



Open source hardware

2014-01-02 Thread Daniël W . Crompton
Hi,

a friend of mine mentioned he wants to migrate away from carrier grade
equipment such as Juniper and Cisco to open source hardware. Both of us
haven't been able to find anything that would fulfill the requirements that
a smallish ISP might have.

Does anybody here have any advice?

Kind regards and best wishes for the new year,
Daniël





Re: Automatic abuse reports

2013-11-12 Thread Daniël W . Crompton
On 12 November 2013 22:52, Sam Moats s...@circlenet.us wrote:

 We used to use a small perl script called tattle that would parse out the
 /var/log/secure on our *nix boxes, isolate the inbound ssh exploits, lookup
 the proper abuse contacts and report them. I haven't seen anything similar
 in years but it would be interesting to do more than null route IPs.


We also used to have a script which did something similar but for more than
just inbound ssh, for the most part this was ineffective.

D.




Re: SMTP Authentication for Local Domain in Postfix

2013-08-15 Thread Daniël W . Crompton
Hi Shahab,

Your mistake is highlighted below, the order of *smtpd_sender_restriction* is
such that you are permitting local delivery to your network before sasl
authentication. In my config I removed it and only have it in
*smtpd_recipient_restrictions* and then only after sasl authentication has
been confirmed.

D.

On 15 August 2013 12:45, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote:

 smtpd_sender_restriction =
  *permit_mynetworks,*
  permit_sasl_authenticated,
  check_sender_access hash:/etc/postfix/access_table
  reject_unknown_sender_domain,
  reject_non_fqdn_sender







Re: Coded TCP

2012-10-24 Thread Daniël W . Crompton
On 24 October 2012 08:35, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote:

 (2012/10/24 12:29), Rodrick Brown wrote:
  With coded TCP, blocks of packets are clumped together and then
  transformed into algebraic equations that describe the packets. If
  part of the message is lost, the receiver can solve the equation to
  derive the missing data.

 Don't do that.


This reads much like Reed-Solomon Error Correction[1], although it is a
good way to reconstruct lost data it introduces a network overhead and a
performance impact due to the reconstruction. The analysis states: *the
receiver will receive at least 10 linear combinations to decode the
original 10 packets.* Which reads to me as we need 10 packets of error
correction data to reconstruct 10 packets.

The only advantage I can see here, is that it would outperform UDP. :)

D.


1. http://en.wikipedia.org/wiki/Reed%E2%80%93Solomon_error_correction



Re: OT: Given what you know now, if you were 21 again...

2011-07-14 Thread Daniël W . Crompton
Hi Larry,

I would learn 2 things:
* having fun learning
* time management

It's been almost 14 years since I was 21 and I concur with many of the
things mentioned in this thread, and learned a few of them. However it
wasn't all the time I spent studying and learning, it's all the time I
spent being bored with studying that could have been easily solved
with a little patience and guidance on how to have fun learning. It
wasn't until I discovered the methods which were most effective for
learning a certain subject and keeping it fun.

Time management is another thing I would have wanted to start asap. So
I could have scheduled the procrastination and use the best parts of
the day to work or learn effectively.

my 2c
D.

On 13/07/2011, Larry Stites nc...@sbcglobal.net wrote:
 Given what you know now, if you were 21 and just starting into networking /
 communications industry which areas of study or specialty would you
 prioritize?


 Thanks



 Larry Stites
 NCNetworks, Inc.
 Nevada City, CA 95959





